Vulnerabilities > Improper Access Control

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2015-03-18 | CVE-2015-0667 | Improper Access Control vulnerability in Cisco Content Services Switch 11500 Firmware 8.20.4.02 | The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. | network | low complexity | cisco | CWE-284 | 5.0 |
| 2015-03-14 | CVE-2015-2107 | Improper Access Control vulnerability in HP Operations Manager I Management Pack 1.0 | HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | local | low complexity | hp sap | CWE-284 | 6.8 |
| 2015-03-14 | CVE-2015-0660 | Improper Access Control vulnerability in Cisco Telepresence Server Software | Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. | local | low complexity | cisco | CWE-284 | 7.2 |
| 2015-03-11 | CVE-2015-1631 | Improper Access Control vulnerability in Microsoft Exchange Server 2013 | Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | network | low complexity | microsoft | CWE-284 | 5.0 |
| 2015-03-09 | CVE-2015-1464 | Improper Access Control vulnerability in multiple products | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | network | low complexity | fedoraproject bestpractical | CWE-284 | 6.4 |
| 2015-02-25 | CVE-2015-0820 | Improper Access Control vulnerability in multiple products | Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. | network | high complexity | opensuse mozilla canonical | CWE-284 | 2.6 |
| 2015-02-19 | CVE-2014-9422 | Improper Access Control vulnerability in MIT Kerberos 5 | The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. | network | high complexity | mit | CWE-284 | 6.1 |
| 2015-02-17 | CVE-2015-1427 | Improper Access Control vulnerability in Elasticsearch | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | network | low complexity | elasticsearch | CWE-284 | 7.5 |
| 2015-02-17 | CVE-2014-8757 | Improper Access Control vulnerability in LG On-Screen Phone 4.3.009 | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | | low complexity | lg | CWE-284 | 8.3 |
| 2015-02-11 | CVE-2015-0008 | Improper Access Control vulnerability in Microsoft products | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." | | low complexity | microsoft | CWE-284 | 8.3 |